Support escaping of commas in x509_string_to_names()

This commit is contained in:
Paul Bakker 2014-08-08 12:22:30 +02:00 committed by Manuel Pégourié-Gonnard
parent 333fdeca3a
commit 8dcb2d7d7e
6 changed files with 98 additions and 4 deletions

View file

@ -1,5 +1,9 @@
PolarSSL ChangeLog (Sorted per branch, date) PolarSSL ChangeLog (Sorted per branch, date)
= 1.3 branch
Bugfix
* Support escaping of commas in x509_string_to_names()
= PolarSSL 1.3.8 released 2014-07-11 = PolarSSL 1.3.8 released 2014-07-11
Security Security
* Fix length checking for AEAD ciphersuites (found by Codenomicon). * Fix length checking for AEAD ciphersuites (found by Codenomicon).

View file

@ -143,6 +143,8 @@
#define X509_FORMAT_DER 1 #define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2 #define X509_FORMAT_PEM 2
#define X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif

View file

@ -750,7 +750,7 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
unsigned char c; unsigned char c;
const x509_name *name; const x509_name *name;
const char *short_name = NULL; const char *short_name = NULL;
char s[128], *p; char s[X509_MAX_DN_NAME_SIZE], *p;
memset( s, 0, sizeof( s ) ); memset( s, 0, sizeof( s ) );

View file

@ -100,6 +100,8 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
const char *end = s + strlen( s ); const char *end = s + strlen( s );
const char *oid = NULL; const char *oid = NULL;
int in_tag = 1; int in_tag = 1;
char data[X509_MAX_DN_NAME_SIZE];
char *d = data;
/* Clear existing chain if present */ /* Clear existing chain if present */
asn1_free_named_data_list( head ); asn1_free_named_data_list( head );
@ -116,13 +118,25 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
s = c + 1; s = c + 1;
in_tag = 0; in_tag = 0;
d = data;
} }
if( !in_tag && ( *c == ',' || c == end ) ) if( !in_tag && *c == '\\' && c != end )
{
c++;
/* Check for valid escaped characters */
if( c == end || *c != ',' )
{
ret = POLARSSL_ERR_X509_INVALID_NAME;
goto exit;
}
}
else if( !in_tag && ( *c == ',' || c == end ) )
{ {
if( asn1_store_named_data( head, oid, strlen( oid ), if( asn1_store_named_data( head, oid, strlen( oid ),
(unsigned char *) s, (unsigned char *) data,
c - s ) == NULL ) d - data ) == NULL )
{ {
return( POLARSSL_ERR_X509_MALLOC_FAILED ); return( POLARSSL_ERR_X509_MALLOC_FAILED );
} }
@ -133,6 +147,18 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
s = c + 1; s = c + 1;
in_tag = 1; in_tag = 1;
} }
if( !in_tag && s != c + 1 )
{
*(d++) = *c;
if( d - data == X509_MAX_DN_NAME_SIZE )
{
ret = POLARSSL_ERR_X509_INVALID_NAME;
goto exit;
}
}
c++; c++;
} }

View file

@ -57,3 +57,21 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1
Certificate write check Server1 SHA1, version 1 Certificate write check Server1 SHA1, version 1
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt" x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
X509 String to Names #1
x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
X509 String to Names #2
x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":POLARSSL_ERR_X509_UNKNOWN_OID
X509 String to Names #3 (Name precisely 255 bytes)
x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
X509 String to Names #4 (Name larger than 255 bytes)
x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":POLARSSL_ERR_X509_INVALID_NAME
X509 String to Names #5 (Escape non-allowed characters)
x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":POLARSSL_ERR_X509_INVALID_NAME
X509 String to Names #6 (Escape at end)
x509_string_to_names:"C=NL, O=Offspark\":"":POLARSSL_ERR_X509_INVALID_NAME

View file

@ -132,3 +132,47 @@ exit:
mpi_free( &serial ); mpi_free( &serial );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_CREATE_C:POLARSSL_X509_USE_C */
void x509_string_to_names( char *name, char *parsed_name, int result )
{
int ret;
size_t len = 0;
asn1_named_data *names = NULL;
x509_name parsed, *parsed_cur, *parsed_prv;
unsigned char buf[2048], *c;
memset( &parsed, 0, sizeof( parsed ) );
memset( buf, 0, sizeof( buf ) );
c = buf + sizeof( buf );
ret = x509_string_to_names( &names, name );
TEST_ASSERT( ret == result );
if( ret != 0 )
goto exit;
ret = x509_write_names( &c, buf, names );
TEST_ASSERT( ret > 0 );
TEST_ASSERT( asn1_get_tag( &c, buf + sizeof( buf ), &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) == 0 );
TEST_ASSERT( x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
ret = x509_dn_gets( (char *) buf, sizeof( buf ), &parsed );
TEST_ASSERT( ret > 0 );
TEST_ASSERT( strcmp( (char *) buf, parsed_name ) == 0 );
exit:
asn1_free_named_data_list( &names );
parsed_cur = parsed.next;
while( parsed_cur != 0 )
{
parsed_prv = parsed_cur;
parsed_cur = parsed_cur->next;
polarssl_free( parsed_prv );
}
}
/* END_CASE */